Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method, comprising: using a first key to protect a write operation on data by encrypting, by computer, the data with a data key; using a second key to protect a read operation on the data by decrypting the data with the data key and verifying a signature associated with the data with the second key; and using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key; wherein using the first key to protect the write operation further involves appending an amount of padding in the encrypted data to the encrypted data; wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; wherein the read operation is protected after performing the read operation with the remote storage mechanism; wherein an amount of padding is determined by performing a modulo operation on a length of the data with a block size and subtracting a result of the modulo operation from the block size; wherein the determined amount of padding is appended to the encrypted data.
A method for protecting data involves using separate cryptographic keys for write and read operations. For writing data, the system encrypts the data using a data key and appends padding to the encrypted data to conform to a block size. The padding amount is calculated by finding the difference between the block size and the length of the data modulo the block size. This write protection occurs before the data is written to a remote storage system. For reading, the system decrypts the data using the data key and verifies a signature associated with the data. This read protection occurs after the data is read from the remote storage. A third key is used to encrypt metadata associated with the data.
2. The method of claim 1 , comprising generating the signature associated with the data with the first key.
The method described above also includes generating a digital signature for the encrypted data using the first key (the write operation protection key), ensuring the integrity of the data written to storage. This signature allows the system to verify that the data has not been tampered with during storage or transmission.
3. The method of claim 1 , comprising generating the signature associated with the metadata with the third key.
In the method described above, a digital signature is also generated for the metadata, using the third key (the key for writing metadata). This protects the integrity of the metadata, ensuring that it has not been altered.
4. The method of claim 1 , wherein the block size is used to encrypt the data.
In the method described above, the block size is used to encrypt the data. This means that the encryption algorithm employed relies on dividing the data into blocks of a specific size, where the block size is a parameter for the encryption process.
5. The method of claim 1 , wherein the first and second keys are associated with at least one of a file, a set of files, and a user.
In the method described above, the first and second keys (used for protecting write and read operations on data) are associated with a file, a set of files, or a specific user. This allows for granular control over access and security, ensuring that each file or user can have unique encryption and decryption keys.
6. The method of claim 1 , wherein the data key is associated with at least one of a block and a file.
In the method described above, the data key (used for encrypting and decrypting the main data) is associated with a block of data or an entire file. This means each block or file has its own unique key for confidentiality.
7. The method of claim 1 , comprising using a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key.
In the method described above, a fourth key is used to protect a read operation on the metadata. The metadata is decrypted using the metadata key when read.
8. The method of claim 7 , comprising verifying a signature associated with the metadata with the fourth key.
The method described above also includes verifying the digital signature associated with the metadata using the fourth key (the key for reading metadata), confirming the metadata's integrity.
9. A system, comprising: a computer write-management apparatus configured to: use a first key to protect a write operation on data by an encryption of the data with a data key; and use a third key to protect a write operation on metadata for the data by an encryption of the metadata with a metadata key; and a computer read-management apparatus configured to: use a second key to protect a read operation on the data by a decryption of the data with the data key and a verification of a signature associated with the data with the second key; wherein using the first key to protect the write operation further involves an amount of padding in the encrypted data appended to the encrypted data; wherein the write operation is protected prior to the write operation being performed with a remote storage mechanism; wherein the read operation is protected after the read operation is performed with the remote storage mechanism; wherein an amount of padding is determined by a modulo operation being performed on a length of the data with a block size and a result of the modulo operation being subtracted from the block size; wherein the determined amount of padding is appended to the encrypted data.
A system for protecting data, which includes a write-management component and a read-management component. The write-management component encrypts data with a data key and encrypts metadata with a metadata key using a first key and third key respectively, calculating and appending padding to the encrypted data to conform to a block size. Padding is determined by the difference between the block size and the length of the data modulo the block size. The read-management component decrypts the data using the data key and verifies a signature with a second key. These protect write operations before remote storage and protect read operations after retrieval.
10. The system of claim 9 , wherein the computer write-management apparatus is configured to generate the signature associated with the data with the first key.
In the system described above, the write-management component also generates a digital signature for the encrypted data using the first key (the write operation protection key), ensuring data integrity.
11. The system of claim 9 , wherein the computer write-management apparatus is configured to generate the signature associated with the metadata with the third key.
In the system described above, the write-management component also generates a digital signature for the metadata using the third key (the key for writing metadata), confirming metadata integrity.
12. The system of claim 9 , wherein the block size is used to encrypt the data.
In the system described above, the block size is used during the data encryption process.
13. The system of claim 9 , wherein the computer read-management apparatus is configured to use a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying a signature associated with the metadata with the fourth key.
In the system described above, the read-management component also uses a fourth key to protect the read operation on the metadata by decrypting it with the metadata key and verifying a signature.
14. The system of claim 9 , further comprising: a computer management apparatus configured to: provide the first key to the computer write-management apparatus; and provide the second key to the computer read-management apparatus.
The system described above also contains a management component that provides the first key to the write-management apparatus and the second key to the read-management apparatus. This centralizes key distribution.
15. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform: using a first key to protect a write operation on data by encrypting the data with a data key; and using a second key to protect a read operation on the data by decrypting the data with the data key and verifying a signature associated with the data with the second key; using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key; wherein using the first key to protect the write operation further involves appending an amount of padding in the encrypted data to the encrypted data; wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; wherein the read operation is protected after performing the read operation with the remote storage mechanism; wherein an amount of padding is determined by performing a modulo operation on a length of the data with a block size and subtracting a result of the modulo operation from the block size; wherein the determined amount of padding is appended to the encrypted data.
A non-transitory computer-readable storage medium stores instructions that, when executed, cause a computer to protect data by encrypting data with a data key using a first key, appending padding calculated via modulo operation of data length and block size, then decrypting the data using the same data key and verifying a signature with a second key. Metadata is encrypted using a third key. Padding ensures the encrypted data aligns with block size requirements. Write operations are protected before remote storage, while read operations are protected after retrieval.
16. The non-transitory computer-readable storage medium of claim 15 , storing instructions that when executed by the computer cause the computer to perform generating the signature associated with the data with the first key.
The non-transitory computer-readable storage medium described above also includes instructions to generate a digital signature for the encrypted data using the first key (write key).
17. The non-transitory computer-readable storage medium of claim 15 , storing instructions that when executed by the computer cause the computer to perform generating the signature associated with the metadata with the third key.
The non-transitory computer-readable storage medium described above also includes instructions to generate a digital signature for the metadata using the third key (metadata write key).
18. The non-transitory computer-readable storage medium of claim 15 , wherein the block size is used to encrypt the data.
In the non-transitory computer-readable storage medium described above, the block size is used in the data encryption process.
19. The non-transitory computer-readable storage medium of claim 15 , wherein the first and second keys are associated with at least one of a file, a set of files, and a user, and wherein the data key is associated with at least one of a block and the file.
In the non-transitory computer-readable storage medium described above, the first and second keys are associated with a file, a set of files, or a specific user. The data key is associated with a block or file.
20. The non-transitory computer-readable storage medium of claim 15 , wherein using the first key to protect the write operation further involves appending an amount of padding in the encrypted data to the encrypted data.
In the non-transitory computer-readable storage medium described above, the method involves appending padding to the encrypted data during the write operation.
Unknown
September 5, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.